ext-authz: send SNI in CheckRequest to the authorization server (#25775)

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

Mirrored from https://github.com/envoyproxy/envoy @ 89eabf6847cbe0cdb786ae776c73e165483e82a6
pull/626/head
data-plane-api(Azure Pipelines) 2 years ago
parent 81f0aab40e
commit 76b7f0785c
  1. 8
      envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
  2. 13
      envoy/service/auth/v3/attribute_context.proto

@ -26,7 +26,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`. // External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.
// [#extension: envoy.filters.http.ext_authz] // [#extension: envoy.filters.http.ext_authz]
// [#next-free-field: 18] // [#next-free-field: 19]
message ExtAuthz { message ExtAuthz {
option (udpa.annotations.versioning).previous_message_type = option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.ext_authz.v2.ExtAuthz"; "envoy.config.filter.http.ext_authz.v2.ExtAuthz";
@ -179,6 +179,12 @@ message ExtAuthz {
// consequently the value of *Content-Length* of the authorization request reflects the size of // consequently the value of *Content-Length* of the authorization request reflects the size of
// its payload size. // its payload size.
type.matcher.v3.ListStringMatcher allowed_headers = 17; type.matcher.v3.ListStringMatcher allowed_headers = 17;
// Specifies if the TLS session level details like SNI are sent to the external service.
//
// When this field is true, Envoy will include the SNI name used for TLSClientHello, if available, in the
// :ref:`tls_session<envoy_v3_api_field_service.auth.v3.AttributeContext.tls_session>`.
bool include_tls_session = 18;
} }
// Configuration for buffering the request data. // Configuration for buffering the request data.
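Review bot: The new `include_tls_session` comment (lines 26–30 of the hunk at -179,6) says what is sent but not how far the receiver may trust it: the SNI is whatever the client placed in its ClientHello, and nothing in this change checks it against the request's `:authority`/Host header or the certificate that was served, so an authorization server that uses it as "the requested host" is keying on an unauthenticated, client-chosen string. I would add a third paragraph to the field doc: `// The SNI is forwarded as presented by the client; it is not validated against the request's :authority/Host header, so the authorization service should treat it as untrusted input.`. Separately, `TLSClientHello` on line 28 should read `the TLS ClientHello`, and that line exceeds the width the surrounding comments keep to. The `ExtAuthz` message this field belongs to starts before the hunk.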

@ -38,7 +38,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// - field mask to send // - field mask to send
// - which return values from request_context are copied back // - which return values from request_context are copied back
// - which return values are copied into request_headers] // - which return values are copied into request_headers]
// [#next-free-field: 12] // [#next-free-field: 13]
message AttributeContext { message AttributeContext {
option (udpa.annotations.versioning).previous_message_type = option (udpa.annotations.versioning).previous_message_type =
"envoy.service.auth.v2.AttributeContext"; "envoy.service.auth.v2.AttributeContext";
@ -155,6 +155,12 @@ message AttributeContext {
bytes raw_body = 12; bytes raw_body = 12;
} }
// This message defines attributes for the underlying TLS session.
message TLSSession {
// SNI used for TLS session.
string sni = 1;
}
// The source of a network activity, such as starting a TCP connection. // The source of a network activity, such as starting a TCP connection.
// In a multi hop network activity, the source represents the sender of the // In a multi hop network activity, the source represents the sender of the
// last hop. // last hop.
@ -176,4 +182,9 @@ message AttributeContext {
// Dynamic metadata associated with the request. // Dynamic metadata associated with the request.
config.core.v3.Metadata metadata_context = 11; config.core.v3.Metadata metadata_context = 11;
// TLS session details of the underlying connection.
// This is not populated by default and will be populated if ext_authz filter's
// :ref:`include_tls_session <config_http_filters_ext_authz>` is set to true.
TLSSession tls_session = 12;
} }
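Review bot: The `:ref:` on the new `tls_session` field (hunk at -176,4) points at the filter's overview page, `config_http_filters_ext_authz`, rather than at the field it names; the field-level anchor Envoy's docs generate for it would be `envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.include_tls_session`, so line 58 should read `// :ref:`include_tls_session <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.include_tls_session>` is set to true.`. The `sni` comment in the hunk at -155,6 should also say where the value comes from and what an empty string means, e.g. `// SNI (server_name) as presented by the client in its TLS ClientHello, forwarded unvalidated. Presumably empty when the client sent none — confirm against the filter.`; since `sni` is a proto3 `string` without `optional`, "no SNI" and "empty SNI" are indistinguishable to the receiver, which is worth stating. As a point of style, `TLSSession` spells the acronym in caps while Envoy's other protos write `Tls...` (e.g. `TlsCertificate`), so `TlsSession` would match them and the field name `tls_session`; renaming is free now but becomes a generated-code break once this ships. Both hunks sit inside `AttributeContext`, whose body continues outside them.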
